xenbits.xensource.com Git - xen.git/commit
flask: unify {get, set}vcpucontext permissions
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Mon, 20 Jun 2016 14:04:16 +0000 (10:04 -0400)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 21 Jun 2016 14:54:27 +0000 (15:54 +0100)
commit 53c300ab1ca0c5df99c98e756b5f681e29d5d880
tree 876c1731d0647579dd517c04e745d6479d9e8890
parent b49839ef4e6ba183503912d169df7635e1c6df54
flask: unify {get, set}vcpucontext permissions

These permissions were initially split because they were in separate
domctls, but this split is very unlikely to actually provide security
benefits: it would require a carefully contrived situation for a domain
to both need access to one type of CPU register and also need to be
prohibited from accessing another type.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
tools/flask/policy/modules/dom0.te
tools/flask/policy/modules/xen.if
xen/xsm/flask/hooks.c
xen/xsm/flask/policy/access_vectors